A Windows 98 & ME forum. Win98banter


Possible virus or hacker



 
 
  #1  
Old June 21st 04, 04:51 AM
T H
external usenet poster
 
Posts: n/a
Default Possible virus or hacker

IE repeatedly sets its homepage at something
called "about:blank" and pops up with an ad for spyware
detectors. Also, certain system files are missing or
corrupt. I've run virus scanners, spyware detectors,
ScanDisk, SFC and Dr. Watson. Neither detected anything,
however Dr. Watson gave me this message:

--------------------
unknown has altered Windows system files.

Module Name: unknown


I also tried online v-scans from McAfee. I'm out of
options at this point. Is there anything else I can try?
  #2  
Old June 21st 04, 06:04 AM
glee
external usenet poster
 
Posts: n/a
Default Possible virus or hacker

It is a CoolWebSearch parasite variant:
http://www.spywareinfo.com/~merijn/c...tml#aboutblank

http://www.wilderssecurity.com/showp...40&postcount=4

You will need to follow these directions and wait for expert help in one of the
forums below, in order to correctly remove this.

Download, unzip, and run Hijack This from one of these locations:
http://computercops.biz/downloads-cat-14.html
http://www.majorgeeks.com/downloads31.html
http://www.spywareinfo.com/downloads...HijackThis.exe
Unzip to a folder other than your Desktop or the Temp folder, double-click
HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Press that, save the log somewhere you can find it (Desktop, My Documents, or
similar).
Most of what it lists will be harmless or even required, so do NOT fix anything yet.

Copy the log files and paste them into a new post at one of these forums:
http://forum.aumha.org/
http://forums.net-integration.net/
http://computercops.biz/forums.html
http://forums.spywareinfo.com/index.php?showforum=30
http://tomcoyote.org/forums/
http://www.lavasoftsupport.com
http://boards.cexx.org/

The folks there will tell you what to remove.

A tutorial for using Hijack This is located here:
http://tomcoyote.com/hjt/
and an in-depth tutorial is here:
http://aumha.org/a/hjttutor.htm

You will probably also need to download CWShredder, the CoolWeb removal tool,
available here:
http://computercops.biz/downloads-cat-14.html
http://www.majorgeeks.com/downloads31.html
http://www.spywareinfo.com/downloads...CWShredder.exe
http://aumha.org/downloads/cwshredder.zip

Do not run it until instructed by an expert in one of the forums above.
--
Glen Ventura, MS MVP W95/98 Systems
http://dts-l.org/goodpost.htm


"T H" wrote in message
...
IE repeatedly sets its homepage at something
called "about:blank" and pops up with an ad for spyware
detectors. Also, certain system files are missing or
corrupt. I've run virus scanners, spyware detectors,
ScanDisk, SFC and Dr. Watson. Neither detected anything,
however Dr. Watson gave me this message:

--------------------
unknown has altered Windows system files.

Module Name: unknown


I also tried online v-scans from McAfee. I'm out of
options at this point. Is there anything else I can try?
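
The "save the log and have it reviewed before fixing anything" step above can be partly scripted. The following is an added example, not part of the original thread and not code from HijackThis: it groups a saved log by section code and lists Internet Explorer page settings whose data is not an ordinary http(s) URL, as items to show a reviewer. The sample log is constructed, and the function names `parse_log` and `review_candidates` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis log layout; every value is made up.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows 98 SE (Win9x 4.10.2222A)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\example.dll/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\SYSTEM\example.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
"""

# "<section code> - <entry body>", e.g. "R0 - HKCU\...,Start Page = about:blank"
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Body of an R0/R1 entry: "<registry key>,<value name> = <data>"
IE_SETTING = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$")


def parse_log(text):
    """Group entries by section code; header and blank lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def review_candidates(sections):
    """List IE page settings (R0/R1) whose data is set but is not an http(s) URL.

    These are items to point out to a reviewer, not removal verdicts.
    """
    hits = []
    for code in ("R0", "R1"):
        for body in sections.get(code, []):
            m = IE_SETTING.match(body)
            if m and m.group("value") and not re.match(r"https?://", m.group("value"), re.I):
                hits.append((code, m.group("name"), m.group("value")))
    return hits


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print({code: len(items) for code, items in parsed.items()})
    for hit in review_candidates(parsed):
        print(hit)
```
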


  #3  
Old June 22nd 04, 05:22 PM
T H
external usenet poster
 
Posts: n/a
Default Possible virus or hacker

Ok, the CWS thing has been fixed. But the files that went
missing while it was there haven't returned. I've lost
Notebook.exe, all Windows games, Media Player and MSN
Messenger and probably more I haven't noticed yet. I was
able to reload Messenger and Media Player, but the others
are still gone. Is there a way to get them back?
  #4  
Old June 23rd 04, 04:16 AM
glee
external usenet poster
 
Posts: n/a
Default Possible virus or hacker

Do you mean Notepad.exe?
Extract the file from your Windows CD (or the .cab file location on your hard
drive), using the "Extract one file" option of System File Checker (SFC).

HOW TO: Extract Original Compressed Windows Files:
http://support.microsoft.com/default...EN-US;129605#5

http://users.westelcom.com/rogersr/sfc.htm#1pp
http://users.westelcom.com/rogersr/sfc.htm#2pp

For the Games, go to Control Panel Windows Setup, uncheck the Games option if it is
check-marked, click Apply; then go back and check-mark Games again, and click
Apply. You may be prompted for your Windows CD.
--
Glen Ventura, MS MVP W95/98 Systems
http://dts-l.org/goodpost.htm


"T H" wrote in message
...
Ok, the CWS thing has been fixed. But the files that went
missing while it was there haven't returned. I've lost
Notebook.exe, all Windows games, Media Player and MSN
Messenger and probably more I haven't noticed yet. I was
able to reload Messenger and Media Player, but the others
are still gone. Is there a way to get them back?


  #5  
Old June 23rd 04, 06:42 PM
T H
external usenet poster
 
Posts: n/a
Default Possible virus or hacker

I tried restoring games, and they're back. But now
Solitaire loads a green screen with weird writing on the
blue bar at the top then freezes my PC. I tried FreeCell
and get this message:

FREECELL caused a general protection fault
in module KRNL386.EXE at 0002:00003077.
Registers:
EAX=00000042 CS=0167 EIP=00003077 EFLGS=00000246
EBX=00020002 SS=3d67 ESP=00001af2 EBP=00001afa
ECX=00000001 DS=3d67 ESI=0002026c FS=05d7
EDX=00000000 ES=05d7 EDI=000081b8 GS=212f
Bytes at CS:EIP:
87 4d 22 e3 00 c3 8b 3e 06 00 33 c9 87 4d 22 c3
Stack dump:
07823118 3d67026c 09c51b12 02583d6f 00000042 074a0058
072a0000 0daa0001 02ce1b2c 0000026c 16c70058 3d67ffff
00000000 00583d67 1b460000 179f10d0

I found notepad.exe, but it was altered to
notepad.exe.bak. I had Norton AntiVirus quarantine it and
restored a second copy of Notepad.
  #6  
Old June 23rd 04, 09:13 PM
glee
external usenet poster
 
Posts: n/a
Default Possible virus or hacker

As I posted earlier:
Download, unzip, and run Hijack This from one of these locations:
http://computercops.biz/downloads-cat-14.html
http://www.majorgeeks.com/downloads31.html
http://www.spywareinfo.com/downloads...HijackThis.exe
Unzip to a folder other than your Desktop or the Temp folder, double-click
HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Press that, save the log somewhere you can find it (Desktop, My Documents, or
similar).
Most of what it lists will be harmless or even required, so do NOT fix anything yet.

Copy the log files and paste them into a new post at one of these forums:
http://forum.aumha.org/
http://forums.net-integration.net/
http://computercops.biz/forums.html
http://forums.spywareinfo.com/index.php?showforum=30
http://tomcoyote.org/forums/
http://www.lavasoftsupport.com
http://boards.cexx.org/

The folks there will tell you what to remove.

A tutorial for using Hijack This is located here:
http://tomcoyote.com/hjt/
and an in-depth tutorial is here:
http://aumha.org/a/hjttutor.htm


Also, see if anything here applies:

Problems Running FreeCell And Solitaire with Office XP Installed
http://support.microsoft.com?kbid=304402

Err Msg: Solitaire Caused General Protection Fault in Module Sol.exe:
http://support.microsoft.com?kbid=234430

General Protection Fault When Starting Microsoft Solitaire:
http://support.microsoft.com?kbid=237900
--
Glen Ventura, MS MVP W95/98 Systems
http://dts-l.org/goodpost.htm


"T H" wrote in message
...
I tried restoring games, and they're back. But now
Solitaire loads a green screen with weird writing on the
blue bar at the top then freezes my PC. I tried FreeCell
and get this message:

FREECELL caused a general protection fault
in module KRNL386.EXE at 0002:00003077.
Registers:
EAX=00000042 CS=0167 EIP=00003077 EFLGS=00000246
EBX=00020002 SS=3d67 ESP=00001af2 EBP=00001afa
ECX=00000001 DS=3d67 ESI=0002026c FS=05d7
EDX=00000000 ES=05d7 EDI=000081b8 GS=212f
Bytes at CS:EIP:
87 4d 22 e3 00 c3 8b 3e 06 00 33 c9 87 4d 22 c3
Stack dump:
07823118 3d67026c 09c51b12 02583d6f 00000042 074a0058
072a0000 0daa0001 02ce1b2c 0000026c 16c70058 3d67ffff
00000000 00583d67 1b460000 179f10d0

I found notepad.exe, but it was altered to
notepad.exe.bak. I had Norton AntiVirus quarantine it and
restored a second copy of Notepad.


 





All times are GMT +1. The time now is 01:32 PM.

